South Korea Charges Alleged Hackers

South Korean government accuses two men of working with North Korean hackers to steal personal data relating to 140 million South Koreans.

The South Korean government Saturday charged two men with working with North Korean hackers -- operating from China -- and stealing personal data associated with 140 million South Korean residents.

"The data were obtained by hacking into the websites of department stores, gas stations and online shopping malls as well as from illegal dealers," a spokesman for the Seoul Central Prosecutors' Office told South Korean newspaper The Chosun Ilbo.

Prosecutors said that one of the defendants, whom they identified only by his surname, Choi, had in his possession email addresses and South Korean resident registration numbers, which are required by many websites in the country to create a new user account. Choi had allegedly categorized at least some of the stolen data based on its intended use.

"If this information was passed on to North Korea, the North has a significant amount of personal information about South Korean individuals," said the prosecutor, adding that it was likely that some of the information had also been sold to Chinese and Taiwanese fraudsters for conducting telephone scams.

Prosecutors also accused Choi of working with a North Korean agent and known hacker since 2007, as well as working with hacking tools and spam email distribution software developed by North Korea. Prosecutors said at least 1,000 of the recovered records had been obtained in 2011 from a known North Korean agent.

According to prosecutors, Choi somehow enjoyed administrator-level access to about 68,000 different websites in South Korea. He allegedly used that access to post advertisements for adult-oriented websites. Choi is also accused of hacking into South Korean gambling websites and profiting from them.

The charges come amid increasing tensions on the Korean peninsula, after North Korea this year tested nuclear weapons and threatened to restart its nuclear reactor at Yongbyon and to conduct tests of missiles capable of striking South Korea, Japan and U.S. military bases in the Pacific. North Korea is also suspected of launching wiper malware attacks against South Korean banks and broadcasters that led to mass hard-drive deletions.

Meanwhile, about 10 days ago North Korea officially declared war on South Korea. North Korea's Asia-Pacific Peace Committee (KAPPC) upped the ante Tuesday with a statement warning all foreign nationals residing in South Korea to prepare to evacuate. "The committee informs all foreign institutions and enterprises and foreigners including tourists in Seoul and all other parts of South Korea that they are requested to take measures for shelter and evacuation in advance for their safety," read the KAPPC statement, reported South Korea's Yonhap News Agency. "We do not wish harm on foreigners in South Korea should there be a war."

North Korea's rulers, however, claim they didn't start the escalation. "The United States and the South Korean puppet warmongers are now watching for a chance to start war against the DPRK after massively introducing weapons of mass destruction, including nuclear war hardware into South Korea," they said. DPRK stands for the Democratic People's Republic of Korea, the official name for North Korea, which is ruled from Pyongyang by a totalitarian regime headed by 30-year-old Kim Jong-un.

There is a lot going on over there in the Koreas. If this guy has been working with foreign governments, then the amount of information should be nothing less than significant. The article did not say much about the other guy, what is he charged with releasing and what is his history? You would figure with all the drama that has been occurring over there that the security of these types of breaches would be in the highest priority.

North Korea's got a lot of bluster for a country with an air force (if you can call it that) that still flies biplanes.

While I think it's important that all of the foreign nationals in South Korea be safe, this whole "conflict" seems to amount to a pair of Yorkshire Terriers with bad attitudes yapping at each other from across the street while their owners exchange friendly hellos. And, of course, those friendly folks from Anonymous have to capitalize on the spotlight being shone upon the Korean peninsula - starting to think that they're just out for the glory and headlines while the real folks that we need to be wary of are the ones that don't seek the headlines and attention.

There are a lot of ifs and whens that will shape this conflict... if China decides they've had enough of Kim Jong-un, expect North Korea to fall like a house of cards. If North Korea pulls the trigger first and goes after Seoul (which is their expected initial target due to proximity to the DMZ), they're not expected to be able to keep a barrage going for long and with a pair of US Air Force Bases in country as well as a carrier battle group based in Yokosuka, Japan, it wouldn't take long (if this administration is willing) to counterpunch.

Meanwhile, keep your popcorn handy as we watch the hacking back and forth between these two Yorkies. It won't get boring, that's for sure.
